Event-Driven Order Workflow Lab

Concepts Covered

• Event-driven architecture
• EventBridge event bus and rules
• SQS queues and dead-letter queues
• Lambda event source mappings
• Step Functions Retry and Catch
• Idempotency and duplicate handling
• Partial batch failure handling
• CloudWatch alarms
• Cost and retry controls
• SAA-C03 event-driven traps

1. Lab Goal

Design an event-driven order workflow for an ecommerce application.

The goal is to practice separating communication patterns:

route events -> buffer work -> coordinate steps -> isolate failures -> notify subscribers

By the end, you should be able to explain why EventBridge, SQS, Lambda, Step Functions, SNS, and DLQs are not interchangeable. They solve different parts of the workflow.

2. Scenario Brief

An order service accepts customer orders. After an order is created, the system must reserve inventory, authorize payment, notify shipping, send customer confirmation, update analytics, and handle failures.

The team wants checkout to remain responsive even if analytics or notification systems are slow. Payment and inventory require careful retry behavior. Shipping can be temporarily unavailable. The company wants visibility into failed messages and failed workflows.

Design the event flow and failure model.

3. Architecture Decision Targets

Decide these items:

• Event router: EventBridge event bus for business events such as OrderCreated.
• Durable work buffer: SQS queues for consumers that should process work independently.
• Compute: Lambda consumers for queue-backed handlers when the runtime fits.
• Workflow: Step Functions for ordered payment, inventory, shipping, and compensation paths when state and branching matter.
• Failure isolation: DLQs for messages that repeatedly fail.
• Retry design: idempotency keys and safe side effects before enabling retries.
• Observability: alarms on queue age, DLQ depth, Lambda errors, throttles, and workflow failures.

The lab is successful only if the failure path is as clear as the happy path.

4. Design Constraints

Use these constraints:

• Order acceptance should not wait on analytics or email.
• Payment should not be charged twice because of retries.
• Inventory reservation needs an auditable outcome.
• Shipping outages should not lose orders.
• Analytics can lag behind the main order workflow.
• Failed messages should be isolated and investigated.
• The design should avoid a single Lambda function that hides the entire workflow.

These constraints are meant to expose service boundaries.

5. Guided Build Plan

Start with the event contract.

Define an OrderCreated event with an order ID, customer reference, safe metadata, and timestamps. Avoid putting sensitive payment details into broad events.

Publish the event to EventBridge after the order is durably stored. EventBridge rules route the event to targets. One rule can start a Step Functions fulfillment workflow. Other rules can send events to SQS queues for analytics, notifications, or shipping-related processors.

Use SQS when a consumer needs durable buffering and independent retry behavior. Lambda can poll SQS through an event source mapping. Configure visibility timeout and batch size based on processing time and failure behavior.

Use Step Functions when the workflow has ordered steps, branching, retry and catch behavior, compensation, audit history, or human approval.

Add DLQs for queues where repeated failure should be isolated. Add alarms so DLQs do not become silent storage.

6. Security Review

Use IAM roles scoped to the specific event bus, queue, Lambda function, state machine, table, topic, or secret each component needs.

Use resource policies carefully if events or queues cross accounts. Do not give every Lambda broad access to every queue or table.

Encrypt queues, topics, and workflow data where required. If KMS is used, include key authorization in the design.

Avoid logging full order payloads if they include sensitive data. Logging is useful, but a log stream should not become a data leak.

7. Resilience Review

Event-driven systems fail in subtle ways. A queue that keeps growing is an outage in progress, even if the application still accepts orders.

Use retries deliberately. Lambda with SQS can retry failed messages; Step Functions can retry task failures and catch errors into fallback states. Retried operations must be idempotent.

Use DLQs to isolate poison messages. Use redrive only after understanding why processing failed.

Document duplicate behavior. Standard queues and many event integrations are at-least-once. The business logic must tolerate duplicates or detect already-completed work.

8. Performance Review

EventBridge helps route events without hard-coding every downstream consumer into the order service.

SQS absorbs bursts and lets consumers process at their own pace. Lambda concurrency can scale, but it can also overload downstream systems if not controlled.

Batch size improves efficiency but complicates failure handling. Partial batch responses can prevent successfully processed SQS messages from being retried when one message in the batch fails.

Step Functions Standard workflows fit long-running, auditable workflows. Express workflows fit high-event-rate, shorter workflows when their execution semantics match the requirement.

9. Cost Review

Cost comes from EventBridge events, SQS requests, Lambda invocations and duration, Step Functions transitions or executions, CloudWatch logs, metrics, alarms, and downstream services.

Avoid sending huge payloads through every event. Store large payloads in S3 or a database and put references in the event.

Filter early when possible. If only analytics needs an event, do not invoke five functions and let four exit.

Set log retention. Debug logs from high-volume Lambda functions can quietly become a meaningful cost.

10. Validation Checklist

Before calling the design complete, answer:

• Is the order durably stored before downstream work begins?
• Which service routes events?
• Which service buffers fragile consumers?
• Which service coordinates ordered business steps?
• What happens when payment times out?
• What happens when shipping is down for 30 minutes?
• Can a retry duplicate a payment or inventory reservation?
• Which alarms reveal queue backlog, DLQ messages, workflow failure, and throttling?
• Which data fields are safe to publish in broad events?

11. Exam Connections

SAA-C03 frequently turns this lab into comparison traps.

"Decouple services so one outage does not block another" points to SQS, EventBridge, or SNS depending on the communication shape.

"One worker should process each message" points to SQS.

"Many subscribers need notification fanout" points to SNS or EventBridge.

"Route events by event pattern to multiple targets" points to EventBridge.

"Coordinate ordered steps with retries and branches" points to Step Functions.

"Message failed repeatedly and needs isolation" points to DLQ.

"Avoid duplicate side effects" points to idempotency, not just another AWS service.

12. Cleanup And Next Steps

If you implement the lab, delete test event buses, rules, queues, DLQs, Lambda functions, state machines, log groups, alarms, and test data when finished.

Next, review Event-Driven Order Processing, SQS vs SNS vs EventBridge, and Step Functions vs SQS And Lambda Retries.

Official AWS references:

• Event buses in Amazon EventBridge
• Event bus targets in Amazon EventBridge
• Using dead-letter queues in Amazon SQS
• Creating and configuring an Amazon SQS event source mapping
• Handling errors in Step Functions workflows